Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Multiple Greeting Card scams; MSFT time server; Sober next Monday; Netscape 8.01; Pharming

SANS Site Network

Current Site

Internet Storm Center

Other SANS Sites Help

Graduate Degree Programs

Security Training

Security Certification

Security Awareness Training

Penetration Testing

Industrial Control Systems

Cyber Defense Foundations

DFIR

Software Security

Government OnSite Training

SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Log In or Sign Up for Free!

Multiple Greeting Card scams; MSFT time server; Sober next Monday; Netscape 8.01; Pharming
Multiple Greeting Card Scams We did get reports about a couple of greeting card scams. They use different domains (bluemountain.com, 123greetings.com). It is important to note that these scams use different domains. If you include greeting card scams in your awareness training, make sure to point out that they may use less known domain names as well. Netscape 8.01 Yesterday's diary pointed out the release of Netscape 8.0. Well, today AOL released a security update (version 8.01). Please make sure you download it. While initial reports of >40 bugs turned out to be inflated, there are still a few issues (about 3-5) that are fixed in 8.01. MSFT Time Server We have one report and some personal observations that the default Microsoft time server (time.windows.com) is having problems. If you are using this time server (it is the default time server for Windows XP installs), make sure you are still able to connect, or let us know if you see any error messages. Sober deadline for next monday The version of Sober responsible for last weeks outbreak of German spam is said to trigger some as of now unknown payload on Monday, May 23rd. If you know what it will do, let us know. The messages are believed to relate to this weekends elections in one of Germany's larger states. Pharming Pharming: Does it exist? We do get ongoing requests for statistics about actual "Pharming Attacks". So far, the response has been easy: "None". While the DNS cache poisoning attack from a few months ago has been called "pharming" by some, it wasn't according to our definition of the term, as it did not attempt to spoof a bank site to obtain passwords. However, pharming is a rather new term, and like other new terms it may stretch itself until it finds a purpose. ------------- Johannes Ullrich jullrich@';drop table email;'sans.org' SANS Institute I will be teaching next: Defending Web Applications Security Essentials - SANS San Francisco Spring 2020	Johannes 3693 Posts ISC Handler
Subscribe	May 20th 2005 1 decade ago

Sign Up for Free or Log In to start participating in the conversation!